Win32/Extats [Threat Name]
Win32/Extats.A [Threat Variant Name]
|Detection created|Feb 24, 2011|
|Signature database version|7470|
Win32/Extats.A is a trojan that is used for spam distribution. The file is run-time compressed using UPX.
The trojan may create copies of itself using the following filenames:
A string with variable content is used instead of %variable%.
The following files are dropped:
In order to be executed on every system start, the trojan sets the following Registry entry:
- "mssend" = "%malwarepath%"
The following Registry entries are created:
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry]
- "SavedLegacySettingsML" = %hexvalue%
By adding an exception in Windows Firewall settings, the trojan ensures that it is not blocked.
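The registry entries listed above can be checked for in a `reg export` dump taken from a suspect host. The following is an added example, not code from the original description: the sample export is constructed, the function names are hypothetical, and because the page does not name the autostart key, the check assumes any key whose last component is `Run`.

```python
import re

# Indicators taken from the description above.
RUN_VALUE = "mssend"
LOWREG_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry"
LOWREG_VALUE = "SavedLegacySettingsML"

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

# Constructed sample of `reg export` output (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\Windows\\System32\\ctfmon.exe"
"mssend"="C:\\Users\\lab\\AppData\\Roaming\\placeholder.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry]
"SavedLegacySettingsML"=hex:00,01,02,\
  03,04

[HKEY_CURRENT_USER\Software\Example\Other]
"mssend"="not under a Run key"
'''

def parse_reg_export(text):
    # Yield (key, value_name, first_line_of_data); hex continuation lines are skipped.
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")

def find_extats_indicators(text):
    # Return (kind, key, value_name, data) for each indicator found.
    hits = []
    for key, name, data in parse_reg_export(text):
        k, n = key.lower(), name.lower()
        if n == RUN_VALUE and k.endswith("\\run"):  # assumption: any ...\Run key
            hits.append(("autostart", key, name, data))
        elif n == LOWREG_VALUE.lower() and k == LOWREG_KEY.lower():
            hits.append(("lowregistry", key, name, data))
    return hits

if __name__ == "__main__":
    print(*find_extats_indicators(SAMPLE), sep="\n")
```

A hit on the value name alone is a lead for triage, not a verdict; confirm it against the file the autostart entry points to.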
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of URLs.
The trojan also searches for e-mail addresses in the following programs:
- The Bat!
- Microsoft Outlook
- Microsoft Outlook Express
- Internet Explorer
- Mozilla Firefox